• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Direct Access List Ignored

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Direct Access List Ignored Page: [1]
Message << Older Topic   Newer Topic >>
Direct Access List Ignored - 12.Dec.2007 2:37:40 PM   


Posts: 17
Joined: 31.Aug.2004
Status: offline
We were recently required to use an application that, for whatever reason, doesn't get along with our ISA 2004 authentication.  A logical step is to add the destination to the direct access list, which I've done.  It doesn't seem to make any difference.  I have confirmed that a PC loaded with the FWC and browser settings cannot connect with a "Proxy authentication required" error.  If I disable proxy settings in IE it can connect, but our environment needs both.

I've aded the site to the domains list (using several different formats including *.domain.com/*), updated the firewall client, rebooted, deleted wpad locally, setup autoconfig via GPO, disabled FWC and or browser settings etc.  I can't seem to bypass the proxy config using direct access no matter what configuration I try.

Any ideas?  It all makes perfect sense.  It just doesn't work.  It appears to be ignoring the direct access list.  Do I need a coresponding rule?  I've got 'em, cause it works withotu browser settings.

Any info is appreciated.

Post #: 1
RE: Direct Access List Ignored - 14.Dec.2007 4:00:32 AM   


Posts: 235
Joined: 7.Nov.2004
From: Zamboanga, Philippines
Status: offline

Can you just create a rule allowing all to that destination/site. Usually JAVA applications does not like authenticated rule for some reason. Just make it anonymous. Hope it helps


(in reply to apolloth)
Post #: 2
RE: Direct Access List Ignored - 14.Dec.2007 2:14:21 PM   


Posts: 17
Joined: 31.Aug.2004
Status: offline
I did create a rule allowing all traffic to that particular URL.  I gave all users permissions, however that doesn't fix my issue with the direct access list.  I would rather get this working instead of creating rules for every app/connection. 

In the end the rule worked.  I first re-wrote the web app as a desktop app to use the current user permissions, but this wasn't a long term solution.  I ended up using the rule instead and locking it down as much as possible. 

If anybody has any ideas about why the direct access list approach isn't working I'd appreciate any info.


(in reply to ianfermo)
Post #: 3
RE: Direct Access List Ignored - 19.Dec.2007 9:10:02 AM   


Posts: 216
Joined: 9.Mar.2004
Status: offline
do you need the firewall client to direct the requests to the ISA Server (firewall client control channel)? or do you want this particular traffic off of your ISA Server all together?

I can help with either, but need to know which route you need to go.

Please advise.

(in reply to apolloth)
Post #: 4
RE: Direct Access List Ignored - 19.Dec.2007 12:53:33 PM   
Jason Jones


Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
 Have you got IP addresses in your direct access list?

Also check out you are using the correct format as provided here:





Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to abqtech)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Direct Access List Ignored Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts